Skip to main content

Microsoft

17282 CVEs vendor

Monthly

CVE-2026-58609 HIGH PATCH This Week

Local code execution in the Microsoft Graphics Component affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). An attacker who convinces a user to open a specially crafted file or content triggers an out-of-bounds read (CWE-125) that Microsoft rates as enabling code execution with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; exploitation requires local access plus user interaction, making it a standard patch-cycle priority rather than an emergency.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58608 HIGH PATCH NEWS Exploit Unlikely This Week

Network code execution in the Windows Print Spooler service allows an authenticated attacker to win a synchronization race and run arbitrary code across a broad range of Windows client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025). Microsoft rates it CVSS 8.8 with high confidentiality, integrity, and availability impact; a vendor patch is available, and there is no public exploit identified at time of analysis. Note that the CVE description and CVSS indicate remote code execution while the source tags label it 'Information Disclosure' — a discrepancy defenders should verify against the MSRC advisory.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-58602 HIGH PATCH This Week

Local privilege escalation in the Windows Kernel Mode Driver affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a use-after-free (CWE-416) lets an already-authenticated local attacker corrupt kernel memory and elevate to SYSTEM. Reported by Microsoft with a patch already available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 (AV:L/PR:L) reflects a high-impact but locally-scoped flaw requiring an existing foothold on the host.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50522 CRITICAL PATCH NEWS Exploit Likely Act Now

Remote code execution in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) lets an unauthenticated attacker run arbitrary code by sending a crafted serialized payload over the network. The flaw is an untrusted-data deserialization (CWE-502) rated CVSS 9.8 with PR:N/UI:N, meaning no credentials or user interaction are required. No public exploit identified at time of analysis, but the pre-auth network vector and SharePoint's long history as an attacker target make this a high-priority patch.

Microsoft Deserialization Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD
CVSS 3.1
9.8
EPSS
19.7%
CVE-2026-58595 HIGH PATCH Exploit Unlikely This Week

Spoofing in the Microsoft Bing Search app for iOS lets a remote attacker present deceptive or overlaid UI content that misleads the victim, because the app improperly restricts how rendered UI layers or frames are displayed (CWE-1021, a UI-redressing/clickjacking class of flaw). An unauthenticated attacker who lures a user into interacting with attacker-controlled content can manipulate what the user sees and trusts, potentially inducing them to act on falsified information. Microsoft has released a fix; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Apple Microsoft XSS Microsoft Bing Search For Ios
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2026-58526 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows arises from a use-after-free flaw (CWE-416) in the Windows Storage component, affecting Windows 10 (1809, 21H2, 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2019/2022/2025. An authorized attacker who already has low-level access to a machine can trigger the freed-memory reuse to elevate to higher privileges (CVSS 7.0, high attack complexity). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-58279 MEDIUM PATCH Exploit Unlikely This Month

Missing authorization in Azure CycleCloud allows an authorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft Azure Cyclecloud 8 9 1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2026-55014 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Remote Help allows an authenticated low-privileged user to elevate to higher privileges via improper access control (authorization bypass) in the Remote Help component. Exploitation requires prior local access with limited privileges (PR:L) but no user interaction, yielding full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV, though Microsoft has released a patch.

Authentication Bypass Microsoft Windows Remote Help
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-57979 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +14
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2026-57969 HIGH PATCH This Week

Privilege escalation in Microsoft Azure CycleCloud 8.9.1 allows an authorized (low-privileged) attacker to gain elevated privileges over the network by reaching a critical function that lacks an authentication check (CWE-306). Reported by Microsoft with a patch available and rated CVSS 8.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The flaw enables full compromise of the CycleCloud instance's confidentiality, integrity, and availability, making it a high-priority patch for HPC-orchestration environments.

Authentication Bypass Microsoft Azure Cyclecloud 8 9 1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-57107 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Admin Center allows an already-authenticated, low-privileged attacker to elevate to higher privileges by abusing an improper authentication weakness (CWE-287). Any host running the management tool is affected, and successful exploitation yields full confidentiality, integrity, and availability impact on the local system. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a fix.

Authentication Bypass Microsoft Windows Admin Center
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-57097 MEDIUM PATCH Exploit Unlikely This Month

Untrusted search path in Microsoft XML allows an unauthorized attacker to bypass a security feature with a physical attack.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2026-56185 MEDIUM PATCH Exploit Unlikely This Month

Improper authentication in Windows Admin Center allows an authorized attacker to disclose information over a network.

Authentication Bypass Microsoft Windows Admin Center
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2026-56193 LOW PATCH Exploit Unlikely Monitor

Information disclosure in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) via an out-of-bounds read (CWE-125) lets an attacker leak sensitive memory contents when a victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.1 (AV:L/AC:L/PR:N/UI:R), reflecting local exploitation that requires user interaction but no prior authentication. Microsoft is the reporting source and has published a fix; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Office 2016 +6
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2026-54127 HIGH PATCH NEWS Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Hyper-V (Windows 11 24H2/25H2/26H1 and Windows Server 2022/2025) stems from a use-after-free memory-corruption condition that lets an attacker with a local foothold execute code at elevated, potentially SYSTEM/hypervisor-level privilege. Microsoft rates it CVSS 8.4 with total confidentiality, integrity, and availability impact, and there is no public exploit identified at time of analysis. EPSS is low (0.24%, 16th percentile) and CISA SSVC lists exploitation status as none, so this is a high-severity patch-on-cycle item rather than an actively exploited emergency.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +5
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2026-50694 CRITICAL PATCH NEWS Act Now

Remote code execution in Microsoft Windows Secure Socket Tunneling Protocol (SSTP) allows an unauthorized network attacker to run arbitrary code by triggering a use-after-free (CWE-416) memory-corruption condition. The flaw affects a broad range of Windows client and server releases from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025, and per its CVSS 9.8 vector requires no authentication or user interaction. There is no public exploit identified at time of analysis, and the EPSS probability is modest (0.61%), so despite the critical score exploitation is not yet observed.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-56169 HIGH PATCH Exploit Unlikely This Week

Privilege elevation in Microsoft Windows Admin Center allows an already-authenticated (low-privileged) network attacker to bypass improper authentication controls and gain higher privileges, exposing high-value confidentiality and integrity impact. Rated CVSS 8.1 with low attack complexity and no user interaction, the flaw is remotely reachable but requires an existing authorized session. No public exploit identified at time of analysis; Microsoft has released a fix via the MSRC update guide.

Authentication Bypass Microsoft Windows Admin Center
NVD VulDB
CVSS 3.1
8.1
EPSS
0.5%
CVE-2026-56164 CRITICAL POC KEV PATCH THREAT CISA Exploited Act Now

Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets an unauthenticated network attacker reach a security-critical function that lacks any authentication check (CWE-306), gaining elevated privileges on the target farm. The flaw is confirmed actively exploited (CISA KEV) with publicly available exploit code, and its CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N) reflects fully remote, unauthenticated exploitation with high confidentiality, integrity, and availability impact. Microsoft has released a patch via MSRC.

Authentication Bypass Microsoft Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD VulDB
CVSS 3.1
9.8
EPSS
7.0%
Threat
7.9
CVE-2026-55948 HIGH PATCH This Week

Local code execution in Microsoft Excel (2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) arises from a use-after-free memory corruption (CWE-416) that an attacker triggers when a victim opens a maliciously crafted spreadsheet. Exploitation runs code in the context of the current user and requires user interaction (opening the file), with no public exploit identified at time of analysis. This is a locally-exploited, phishing-delivered class of bug typical of Office file-format handlers, patched by Microsoft via MSRC.

Use After Free Memory Corruption Denial Of Service Microsoft Microsoft 365 Apps For Enterprise +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55899 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (and the broader Office family through Microsoft 365 Apps, Office 2019/2021/2024 LTSC, Office for Mac, and Office Online Server) arises from a stack-based buffer overflow (CWE-121) triggered when a user opens a maliciously crafted spreadsheet. An attacker who convinces a victim to open the file runs arbitrary code in the security context of the current user, with high impact to confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV; Microsoft has released a patch.

Buffer Overflow Stack Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-54988 MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2026-50678 LOW PATCH Exploit Unlikely Monitor

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2026-50675 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (including Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted spreadsheet, letting an attacker run arbitrary code in the user's context. The CVSS 3.1 score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), reflecting that exploitation needs user interaction but no prior privileges once the file is opened. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-54108 MEDIUM PATCH Exploit Unlikely This Month

External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Microsoft Information Disclosure Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2026-55144 HIGH PATCH This Week

Local tampering in Windows CryptoAPI (Crypt32) on Windows 11 (24H2/25H2/26H1) and Windows Server 2022/2025 stems from a missing cryptographic step, letting an authenticated local attacker undermine the integrity and confidentiality of cryptographically protected data. Microsoft rates it 7.1 (High) with high confidentiality and integrity impact; there is no public exploit identified at time of analysis and it is not on the CISA KEV list. A vendor patch is available through the MSRC update guide.

Microsoft Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +3
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-55012 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Defender (Microsoft Malware Protection Engine) allows an unauthorized attacker to run arbitrary code by having a maliciously crafted file processed by the scanning engine. The flaw stems from an integer overflow (CWE-190) that corrupts memory during scanning, yielding full confidentiality, integrity, and availability impact. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis.

Buffer Overflow Microsoft Integer Overflow Microsoft Malware Protection Engine
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-55011 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Defender's Malware Protection Engine (mpengine) arises from an integer underflow (CWE-191) that a local attacker can trigger with no prior authentication but requiring user interaction, yielding high confidentiality, integrity, and availability impact. Because Defender's scanning engine runs with SYSTEM-level privileges, successful exploitation would grant full compromise of the host. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; Microsoft has released a fix.

Authentication Bypass Microsoft Integer Overflow Microsoft Malware Protection Engine
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-50338 HIGH PATCH Exploit Unlikely This Week

Privilege elevation in Microsoft Azure Spring Apps allows an already-authenticated, low-privileged network attacker to gain higher privileges by abusing an improper authentication weakness (CWE-287) in the managed platform. Because the CVSS scope is marked as changed (S:C), a successful attack can reach resources beyond the attacker's originally authorized boundary, yielding high confidentiality and integrity impact. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; Microsoft has published an advisory and a patch is available server-side.

Java Authentication Bypass Microsoft Azure Spring Apps
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2026-55009 HIGH PATCH This Week

Local privilege escalation in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) allows an already-authenticated attacker with low privileges to elevate to higher privileges by abusing unsafe deserialization of untrusted data. Microsoft reported the flaw and has released a patch; no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 3.1 base score is 7.8 (High), reflecting full confidentiality, integrity, and availability impact on the affected host.

Microsoft Deserialization Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 14 Microsoft Exchange Server 2019 Cumulative Update 15 +1
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2026-55008 CRITICAL PATCH NEWS Exploit Likely Act Now

Stored/reflected cross-site scripting in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) lets a network-based, unauthenticated attacker inject malicious script that executes in a victim's browser session, enabling spoofing and - per the scope-changed CVSS 9.6 vector - high impact to confidentiality, integrity, and availability of resources beyond the vulnerable component. Exploitation requires the target to view attacker-controlled content (UI:R). Microsoft has released a patch; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft XSS Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 14 Microsoft Exchange Server 2019 Cumulative Update 15 +1
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2026-55006 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) allows an authenticated attacker with low-level privileges on the server to elevate to higher privileges due to insufficiently granular access controls (CWE-1220). The CVSS 3.1 score of 7.8 (AV:L/AC:L/PR:L) reflects local exploitation yielding full confidentiality, integrity, and availability impact. A vendor patch is available; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Microsoft Information Disclosure Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 14 Microsoft Exchange Server 2019 Cumulative Update 15 +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-55005 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) lets an authenticated attacker corrupt heap memory to run arbitrary code across the network. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N) shows low-privilege network exploitation with full confidentiality, integrity, and availability impact, and Microsoft has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 14 +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2026-54122 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows GDI+ (the graphics rendering component) via a heap-based buffer overflow (CWE-122), affecting a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Server 2012 through Server 2025. Per the supplied CVSS vector (PR:N), an unauthorized attacker who gets the vulnerable component to process crafted graphics data can achieve high-impact code execution (C:H/I:H/A:H) on the local system. Microsoft has published a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2026-55003 MEDIUM PATCH This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2026-54999 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in the Microsoft Windows TCP/IP networking stack allows an unauthenticated attacker on the same physical or logical network segment to win a race condition and run arbitrary code on the target. The flaw spans a broad range of desktop and server builds from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. There is no public exploit identified at time of analysis, but Microsoft has confirmed the issue and shipped a patch, and the high CVSS (8.8) plus network-facing kernel component make it a priority to remediate.

Authentication Bypass Microsoft Race Condition Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-54997 MEDIUM PATCH This Month

Information disclosure via uninitialized memory in the Windows SMB driver stack affects a broad range of Windows 10, Windows 11, and Windows Server versions. A locally authenticated, low-privileged attacker can trigger a code path that reads from uninitialized memory within the SMB subsystem, potentially leaking sensitive kernel or heap memory contents. No public exploit code or active exploitation has been identified at the time of analysis; Microsoft has released a patch via MSRC.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-54119 HIGH PATCH This Week

Denial of service in Windows Active Directory (spanning Windows 10, Windows 11, and Windows Server 2012 through 2025) lets a remote, unauthenticated attacker send crafted network traffic that drives an AD service into an infinite loop, exhausting CPU and rendering domain services unavailable. Because the CVSS vector is AV:N/AC:L/PR:N/UI:N with high availability impact and no confidentiality or integrity loss, this is a pure availability threat against domain controllers. Microsoft has released a patch; there is no public exploit identified at time of analysis and no CISA KEV listing.

Microsoft Denial Of Service Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-54996 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows USB Print Driver affecting Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 lets an already-authenticated, low-privileged user win a race condition (CWE-362) in the driver to gain higher privileges. Microsoft has released a patch and reported the flaw itself; there is no public exploit identified at time of analysis. The high attack complexity (AC:H) reflects the timing-dependent nature of exploiting the shared-resource synchronization defect.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-54114 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Win32K (the kernel-mode GUI subsystem) allows an authenticated local user to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of supported builds spanning Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025, including Server Core installations. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2026-54109 HIGH PATCH This Week

Local privilege escalation to code execution in the Windows Resilient File System (ReFS) driver affects a broad range of Windows 10/11 and Windows Server 2016 through 2025 releases, where an integer overflow (CWE-190) in filesystem processing lets an already-authenticated local user run arbitrary code in an elevated context. The CVSS 3.1 vector (AV:L/PR:L) confirms low-privileged local access is required rather than remote exploitation, and there is no public exploit identified at time of analysis. Microsoft has released a patch via MSRC.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-54992 HIGH POC PATCH NEWS Exploit Likely This Week

Local code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and server releases from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. A heap-based buffer overflow (CWE-122) lets an attacker who can reach the local MSMQ service run arbitrary code with high confidentiality, integrity, and availability impact; the CVSS 3.1 base score is 8.4 with a local attack vector but no privileges or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the vendor (Microsoft) has released a patch.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2026-55004 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Printer Drivers component across Windows 10, Windows 11 (through 26H1), and Windows Server 2012 through 2025 lets an already-authenticated attacker corrupt kernel-adjacent memory to gain higher privileges. The flaw is a double free (CWE-415) triggered locally by a low-privileged user, yielding high confidentiality, integrity, and availability impact (CVSS 7.8). No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-54112 HIGH PATCH This Week

Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an already-authenticated attacker to win a race condition (CWE-362) and elevate to SYSTEM-level privileges across supported Windows 10, Windows 11, and Windows Server 2019-2025 builds. Reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis and EPSS is low (0.16%, 5th percentile). CVSS 7.0 reflects high attack complexity (AC:H) driven by the timing-window nature of the flaw and the requirement for existing low-privilege access (PR:L).

Microsoft Race Condition Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-55001 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Active Directory certificate-validation path lets an already-authenticated attacker on Windows 10 (1607/1809) and Windows Server 2016 through 2025 (including Server Core) improperly validate a certificate to gain higher privileges. Microsoft reported and patched the flaw (CWE-295), but there is no public exploit identified at time of analysis and it is not on CISA KEV. The CVSS 7.8 vector (AV:L/PR:L) confirms an authenticated local attacker with full confidentiality, integrity, and availability impact upon success.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows Server 2016 +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-54993 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Media Foundation lets an unauthorized attacker run arbitrary code by luring a user into opening a specially crafted media file. The flaw affects a broad range of Windows 10, Windows 11, and Windows Server builds (from 1809 through Windows 11 26H1 and Server 2025), and Microsoft has released patches. No public exploit identified at time of analysis, but the low attack complexity and full C/I/A impact make it a standard Patch-Tuesday priority.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-54986 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Win32K (the kernel-mode GUI subsystem) lets an already-authenticated low-privilege user corrupt kernel heap memory via a heap-based buffer overflow (CWE-122) to gain SYSTEM-level control. The flaw affects a broad range of client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2026-54107 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an authenticated low-privileged user to win a race condition and elevate to SYSTEM across Windows 10, Windows 11 (through 26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a patch available, it carries CVSS 7.0 but a high attack complexity (AC:H) reflecting the timing-sensitive nature of the flaw. There is no public exploit identified at time of analysis, and EPSS is low (0.19%, 9th percentile), consistent with CISA SSVC rating exploitation as 'none.'

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-54132 MEDIUM PATCH Exploit Unlikely This Month

Heap-based buffer overflow in Windows Kernel allows an unauthorized attacker to elevate privileges with a physical attack.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +9
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2026-54991 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows USB Print Driver lets an already-authenticated low-privileged user win a race condition to gain SYSTEM-level control on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. The flaw stems from unsynchronized access to a shared resource, and successful exploitation yields full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-54111 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows USB Print Driver on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 lets an already-authenticated low-privileged user win a timing race in the driver to gain elevated privileges. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV. The high attack complexity (must reliably win a race window) tempers real-world exploitability despite full confidentiality, integrity, and availability impact.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-55000 MEDIUM PATCH Exploit Unlikely This Month

Privilege escalation via use-after-free in the Windows USB Print Driver affects Windows 11 (versions 24H2, 25H2, 26H1) and Windows Server 2025, requiring physical access to exploit. An attacker with hands-on access to a target machine can trigger a memory corruption condition through the USB print subsystem to achieve full local privilege escalation - High confidentiality, integrity, and availability impact per CVSS. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2026-50697 HIGH PATCH This Week

Local privilege escalation in the Windows Common Log File System (CLFS) Driver allows an already-authenticated, low-privileged user to elevate to SYSTEM on a wide range of Windows client and server releases. Microsoft classifies the root cause as exposure of sensitive information (CWE-200), but the CVSS impact profile (C:H/I:H/A:H) reflects that the leaked kernel data enables full local privilege escalation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though CLFS has historically been a heavily exploited elevation-of-privilege target in Windows.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50696 HIGH PATCH This Week

Network denial of service in the Windows Internet Key Exchange (IKE) protocol implementation allows an unauthenticated remote attacker to crash affected systems by triggering a heap-based buffer overflow. All impact is to availability only (CVSS 7.5, A:H, no confidentiality or integrity loss), making this a reliability/uptime threat against IPsec/VPN-facing Windows 10, Windows 11, and Windows Server hosts rather than a code-execution vulnerability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and lack of authentication make it a meaningful patching priority for internet-exposed IPsec endpoints.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-54987 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Overlay Filter (WOF) driver allows an authenticated low-privileged user to elevate to SYSTEM by triggering a heap-based buffer overflow (CWE-122). The flaw spans a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 R2 through Server 2025. Microsoft has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +14
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-54989 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Quality Windows Audio/Video Experience (QWAVE) service lets an already-authenticated, low-privileged user elevate to higher privileges by exploiting a use-after-free (CWE-416) memory-corruption condition. The flaw spans a broad range of builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.0 (AV:L/AC:H/PR:L).

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD VulDB
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-54129 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Hyper-V (CWE-416 use-after-free) allows an authenticated attacker already running low-privileged code on an affected host to elevate to higher privileges, with full confidentiality, integrity, and availability impact. Reported by Microsoft and affecting a broad range of Windows 10, Windows 11, and Windows Server builds including Server 2019/2022/2025. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-49784 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows App Store component (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025) allows an authorized low-privileged attacker to win a race condition on an improperly synchronized shared resource and gain higher privileges. Exploitation is local-only and high-complexity because it depends on reliably hitting a narrow timing window, and no public exploit has been identified at time of analysis. A vendor patch is available via Microsoft's MSRC update guide.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-49177 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-49174 MEDIUM PATCH This Month

Missing authentication for critical function in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.

Authentication Bypass Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-49173 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel (Windows 11 version 26H1) lets an already-authenticated low-privileged user corrupt kernel memory through a use-after-free condition and gain SYSTEM-level control. Microsoft self-reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 (High) score reflects full confidentiality, integrity, and availability compromise achievable entirely from a local, low-privilege foothold with no user interaction.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 26H1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49172 CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft Windows FTP Service allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122). The flaw affects the FTP service across a broad range of Windows 10, Windows 11, and Windows Server (2019/2022/2025) builds and carries a critical CVSS 9.8 rating with no authentication or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated, network-reachable nature of the bug makes it a high-priority patch target.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +11
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-49175 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows DNS lets an already-authenticated, low-privileged attacker corrupt heap memory to gain higher (likely SYSTEM) privileges on affected Windows 10, Windows 11, and Windows Server 2022/2025 systems. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft itself, with a vendor patch available via MSRC. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so it currently represents a patch-priority rather than an emergency.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 21H2 Windows 10 Version 22H2 +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49176 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows WalletService allows an authenticated low-privileged attacker to gain SYSTEM-level rights on the host, per CVSS:3.1 AV:L/AC:L/PR:L (7.8, High). The flaw stems from improper privilege management (CWE-269) in the WalletService component and affects a broad range of Windows client and server builds. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor patch from Microsoft is available.

Microsoft Privilege Escalation Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49171 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Speech component affects a broad range of Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). A use-after-free flaw (CWE-416) lets an authenticated local attacker corrupt memory to gain SYSTEM-level privileges; CVSS is 7.8 with total technical impact per CISA SSVC. There is no public exploit identified at time of analysis, and EPSS is low at 0.26%, but a vendor patch is available via Microsoft's MSRC update guide.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-49170 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows StateRepository API lets an already-authenticated low-privileged user gain higher (typically SYSTEM-level) privileges due to insufficiently granular access control (CWE-1220). It affects a broad range of currently supported Windows client and server builds (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019/2022/2025). The flaw was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis (not listed in CISA KEV).

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2026-49168 MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to elevate privileges with a physical attack.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2026-49167 HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-49166 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Printer Drivers on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to gain SYSTEM-level privileges by triggering a use-after-free memory-corruption condition. The flaw grants full confidentiality, integrity, and availability impact (C:H/I:H/A:H) once low-level local access is obtained. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49165 HIGH PATCH Exploit Unlikely This Week

Local information disclosure in the Microsoft Windows App Store (Store/AppX component) affects a broad range of Windows 10, Windows 11, and Windows Server releases (1607 through 26H1, Server 2016/2019/2022/2025). An authorized local attacker can leverage a use of uninitialized resource (CWE-908) to read memory contents that should not be exposed, with CVSS 7.1 reflecting high confidentiality impact but requiring low-privileged authenticated local access. There is no public exploit identified at time of analysis, it is not listed in CISA KEV, and Microsoft has released a patch via the MSRC update guide.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-49162 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Brokering File System (bfs.sys/Bfs component) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where a use-after-free (CWE-416) lets an already-authenticated local attacker corrupt kernel/broker memory to gain SYSTEM-level privileges. Exploitation requires low privileges but high attack complexity, and there is no public exploit identified at time of analysis. Microsoft has released a patch via its MSRC update guide.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD VulDB
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-48571 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows App Installer (the AppX/MSIX deployment component) lets a low-privileged but authenticated user corrupt memory via a use-after-free (CWE-416) and gain higher privileges on the host. The flaw affects Windows 11 (23H2, 24H2, 25H2, 26H1) and Windows Server 2025, was reported by Microsoft, and has a vendor patch available. There is no public exploit identified at time of analysis and it is not on CISA KEV, though the CVSS 7.0 rating and full C/I/A impact make it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 23H2 +5
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-48572 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows App Installer (App Installer / MSIX handler) on Windows 11 (23H2 through 26H1) and Windows Server 2025 lets an already-authenticated local attacker win a timing race to elevate to higher privileges. The flaw stems from improper synchronization of a shared resource during concurrent execution, and Microsoft has released a patch. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure Windows 11 Version 23H2 Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-42975 HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows Bluetooth Port Driver (bthport) allows an adjacent, unauthenticated attacker to run arbitrary code by triggering a heap-based buffer overflow over Bluetooth radio range. The flaw spans a wide range of Windows client and server builds, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. There is no public exploit identified at time of analysis, EPSS is modest at 0.38% (30th percentile), and CISA SSVC currently marks exploitation as 'none', but the CVSS 8.8 rating and 'total' technical impact make this a high-priority patch.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-42900 HIGH PATCH This Week

Privilege elevation in the Windows App Store component affects a broad range of Microsoft Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025), where a race condition (CWE-362) lets an unauthorized attacker win a timing window to gain elevated privileges over a network. The CVSS 3.1 score is 8.1 with a network vector and no authentication (PR:N), but high attack complexity (AC:H) reflects the difficulty of reliably winning the race. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; a vendor patch is available from Microsoft.

Authentication Bypass Microsoft Race Condition Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-34346 MEDIUM PATCH Exploit Unlikely This Month

Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +16
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-34349 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-42982 HIGH PATCH NEWS Exploit Unlikely This Week

Local privilege escalation in Windows Secure Kernel Mode (SKM/VTL1) allows an already-authenticated attacker to elevate to higher privileges on affected Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025 systems. The flaw stems from improper consistency validation of input crossing the trust boundary into the isolated secure kernel (CWE-1288), yielding full confidentiality, integrity, and availability impact on the local host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +12
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-48561 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Remote code execution in the Microsoft 365 Copilot mobile apps for Android and iOS lets an unauthenticated attacker run code across a security boundary by getting a user to interact with crafted content (CWE-77 command injection). The CVSS 9.6 rating reflects network reach, low complexity, no privileges, and a changed scope with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, but a vendor patch is available and the flaw was self-reported by Microsoft.

Microsoft Command Injection Microsoft 365 Copilot For Android Microsoft 365 Copilot For Ios
NVD
CVSS 3.1
9.6
EPSS
0.8%
CVE-2026-53565 HIGH PATCH This Week

Local privilege escalation in the Citrix Secure Access Client and Citrix Endpoint Analysis (EPA) Client for Windows allows a low-privileged local user to gain higher (likely SYSTEM-level) privileges through improper privilege management (CWE-269). It affects Secure Access Client for Windows before 26.6.1.20 and Endpoint Analysis Client for Windows before 26.5.1.7, both of which run privileged Windows service/agent components on the endpoint. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Citrix rates the flaw high severity (CVSS 4.0 base 8.5) given full confidentiality, integrity, and availability impact once exploited.

Citrix Microsoft Privilege Escalation
NVD VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-53566 MEDIUM PATCH This Month

Out-of-bounds read in Citrix Secure Access Client for Windows (all versions before 26.6.1.20) enables a local low-privileged attacker to read memory beyond an allocated buffer boundary, resulting in high confidentiality impact with no integrity or availability consequence. The CVSS 4.0 score of 6.8 reflects the local attack vector and low-privilege requirement, meaning an attacker must already hold a foothold on the endpoint. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis.

Citrix Buffer Overflow Microsoft Information Disclosure Citrix Secure Access Client For Windows
NVD VulDB
CVSS 4.0
6.8
EPSS
0.1%
CVE-2026-6851 HIGH PATCH This Week

Local privilege escalation in Bitdefender Total Security and Internet Security for Windows (versions before 27.0.58.315) lets a less-privileged local user gain higher rights by abusing a symbolic-link race condition in the File Shredder module. Because the shredder operates with elevated privileges and does not safely resolve links before acting on files, an attacker who wins a time-of-check/time-of-use race can redirect a privileged file operation to a target of their choosing. No public exploit identified at time of analysis; the issue was reported by the vendor and requires local access plus user interaction, so EPSS-style mass-exploitation risk is limited.

Microsoft Information Disclosure Total Security Internet Security
NVD VulDB
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-0487 HIGH This Week

Arbitrary code execution in SAProuter on Microsoft Windows lets a local attacker plant a malicious DLL in an untrusted search-path location that SAProuter loads at runtime, hijacking the DLL loading process to run attacker code with the privileges of the SAProuter service. The flaw was reported by SAP and carries a CVSS 8.4 with full High impact on confidentiality, integrity, and availability; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Because SAProuter typically runs as a persistent network gateway service, successful exploitation can compromise a strategically positioned host in an SAP landscape.

RCE Microsoft Saprouter On Microsoft Windows
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-51539 HIGH This Week

A Denial of Service (DoS) vulnerability exists in the receive loop of libmodbus 3.1.12 when running on Windows. The issue stems from improper timeout management during network read operations.

Microsoft Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-58596 HIGH PATCH Exploit Likely This Week

Privilege elevation in Microsoft Edge (Chromium-based) lets a network attacker escalate privileges by luring a victim into loading crafted web content that triggers an untrusted pointer dereference (CWE-822). Microsoft rates it CVSS 8.3, driven by a scope change (sandbox/boundary crossing) and full confidentiality, integrity, and availability impact, but exploitation requires user interaction and is of high attack complexity. No public exploit identified at time of analysis (E:U), it is not on CISA KEV, and an official vendor fix is available.

Authentication Bypass Microsoft Google Microsoft Edge Chromium Based
NVD VulDB
CVSS 3.1
8.3
EPSS
0.5%
CVE-2026-58281 HIGH PATCH This Week

Remote code execution in Microsoft Edge (Chromium-based) lets an unauthenticated network attacker run arbitrary code by luring a victim into interacting with crafted content that triggers unsafe deserialization (CWE-502). The flaw carries CVSS 8.3 with a scope change, meaning successful exploitation can break out of the browser's security boundary, though there is no public exploit identified at time of analysis and Microsoft has already shipped a fix.

Deserialization Microsoft Google Microsoft Edge Chromium Based
NVD VulDB
CVSS 3.1
8.3
EPSS
0.7%
CVE-2026-61448 LOW PATCH Monitor

Stored XSS execution in Parse Server (versions 9.0.0 through pre-9.10.0-alpha.2 and all 8.x releases through 8.6.83) allows authenticated users with file-upload permissions to inject persistent JavaScript that executes in the application's origin against other users, but only when a cloud-based storage adapter is configured. By crafting a deliberately malformed Content-Type header - such as 'image' or 'image/' - an attacker exploits a gap in the mime-package lookup path that renders the fileUpload.fileExtensions blocklist ineffective, causing the malformed value to be stored verbatim in Amazon S3, Google Cloud Storage, or Azure Blob Storage. Browsers receiving a syntactically invalid Content-Type fall back to MIME sniffing and render HTML file bodies as web pages in the application's origin; no public exploit has been identified and the vulnerability is absent from CISA KEV, but the stored nature means a single successful upload persists as a live threat until patched or the file is removed.

XSS Google Microsoft File Upload Parse Server
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-54159 PHP CRITICAL PATCH GHSA Act Now

Unauthenticated remote code execution in the PrestaShop ps_facetedsearch (layered navigation) module versions 3.0.0 through 4.0.3 allows a single crafted front-office request to fully compromise the shop and its underlying server. The module rebuilds price/weight slider filter values from the request URL and later reads them back through a native unserialize(), enabling PHP object injection whose gadget chain writes a PHP webshell into the module directory. No public exploit is identified at time of analysis, but the flaw is trivially reachable and rated CVSS 10.0.

Deserialization Microsoft PHP
NVD GitHub
CVSS 3.1
10.0
CVE-2026-57221 MEDIUM PATCH This Month

Authenticated RabbitMQ users can bypass authorization controls on passive AMQP 0-9-1 declare operations, exposing internal broker topology metadata across all affected release branches (3.13.x, 4.0.x, 4.1.x, 4.2.x). The missing authorization check on passive queue.declare and exchange.declare allows any user with vhost connectivity to enumerate queue and exchange names and read live message and consumer counts without requiring elevated permissions. No public exploit code has been identified and the vulnerability is not in CISA KEV; however, the low exploitation complexity, authentication-only prerequisite, and broad affected version range meaningfully elevate real-world exposure risk in multi-tenant or shared-credential deployments.

Authentication Bypass Microsoft Rabbitmq Server
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2026-57214 HIGH PATCH This Week

Stored cross-site scripting in the RabbitMQ management UI (versions prior to 4.2.5) lets a user holding queue/exchange declaration permissions inject JavaScript that executes in another user's browser when they view the Queues or Exchanges pages. The malicious payload is supplied via the x-internal-purpose queue or exchange argument, which is rendered into an HTML title attribute without escaping. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it is fixed in RabbitMQ 4.2.5.

XSS Microsoft Rabbitmq Server
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-57211 CRITICAL PATCH Act Now

Server-side request forgery and NTLM credential exposure in the RabbitMQ management plugin (versions 4.1.0 to before 4.1.11 and 4.2.0 to before 4.2.6) on Windows lets remote actors coerce the broker into outbound DNS and SMB connections to attacker-controlled UNC paths. The static file handler rabbit_mgmt_wm_static passes URL-encoded backslashes to erl_prim_loader:read_file_info before path validation, but only when multiple management extension plugins are enabled. No public exploit has been identified at time of analysis, and the EPSS score is low (0.28%, 20th percentile) despite the CVSS 10.0 rating.

Microsoft Information Disclosure Rabbitmq Server
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.3%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in the Microsoft Graphics Component affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). An attacker who convinces a user to open a specially crafted file or content triggers an out-of-bounds read (CWE-125) that Microsoft rates as enabling code execution with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; exploitation requires local access plus user interaction, making it a standard patch-cycle priority rather than an emergency.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Network code execution in the Windows Print Spooler service allows an authenticated attacker to win a synchronization race and run arbitrary code across a broad range of Windows client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025). Microsoft rates it CVSS 8.8 with high confidentiality, integrity, and availability impact; a vendor patch is available, and there is no public exploit identified at time of analysis. Note that the CVE description and CVSS indicate remote code execution while the source tags label it 'Information Disclosure' — a discrepancy defenders should verify against the MSRC advisory.

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Kernel Mode Driver affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a use-after-free (CWE-416) lets an already-authenticated local attacker corrupt kernel memory and elevate to SYSTEM. Reported by Microsoft with a patch already available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 (AV:L/PR:L) reflects a high-impact but locally-scoped flaw requiring an existing foothold on the host.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 20% CVSS 9.8
CRITICAL PATCH Exploit Likely Act Now

Remote code execution in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) lets an unauthenticated attacker run arbitrary code by sending a crafted serialized payload over the network. The flaw is an untrusted-data deserialization (CWE-502) rated CVSS 9.8 with PR:N/UI:N, meaning no credentials or user interaction are required. No public exploit identified at time of analysis, but the pre-auth network vector and SharePoint's long history as an attacker target make this a high-priority patch.

Microsoft Deserialization Microsoft Sharepoint Enterprise Server 2016 +2
NVD
EPSS 0% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Spoofing in the Microsoft Bing Search app for iOS lets a remote attacker present deceptive or overlaid UI content that misleads the victim, because the app improperly restricts how rendered UI layers or frames are displayed (CWE-1021, a UI-redressing/clickjacking class of flaw). An unauthenticated attacker who lures a user into interacting with attacker-controlled content can manipulate what the user sees and trusts, potentially inducing them to act on falsified information. Microsoft has released a fix; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Apple Microsoft XSS +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows arises from a use-after-free flaw (CWE-416) in the Windows Storage component, affecting Windows 10 (1809, 21H2, 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2019/2022/2025. An authorized attacker who already has low-level access to a machine can trigger the freed-memory reuse to elevate to higher privileges (CVSS 7.0, high attack complexity). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Missing authorization in Azure CycleCloud allows an authorized attacker to elevate privileges over a network.

Authentication Bypass Microsoft Azure Cyclecloud 8 9 1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Remote Help allows an authenticated low-privileged user to elevate to higher privileges via improper access control (authorization bypass) in the Remote Help component. Exploitation requires prior local access with limited privileges (PR:L) but no user interaction, yielding full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV, though Microsoft has released a patch.

Authentication Bypass Microsoft Windows Remote Help
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Information Disclosure +16
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Microsoft Azure CycleCloud 8.9.1 allows an authorized (low-privileged) attacker to gain elevated privileges over the network by reaching a critical function that lacks an authentication check (CWE-306). Reported by Microsoft with a patch available and rated CVSS 8.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The flaw enables full compromise of the CycleCloud instance's confidentiality, integrity, and availability, making it a high-priority patch for HPC-orchestration environments.

Authentication Bypass Microsoft Azure Cyclecloud 8 9 1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Admin Center allows an already-authenticated, low-privileged attacker to elevate to higher privileges by abusing an improper authentication weakness (CWE-287). Any host running the management tool is affected, and successful exploitation yields full confidentiality, integrity, and availability impact on the local system. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a fix.

Authentication Bypass Microsoft Windows Admin Center
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH Exploit Unlikely This Month

Untrusted search path in Microsoft XML allows an unauthorized attacker to bypass a security feature with a physical attack.

Authentication Bypass Microsoft Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Improper authentication in Windows Admin Center allows an authorized attacker to disclose information over a network.

Authentication Bypass Microsoft Windows Admin Center
NVD
EPSS 0% CVSS 3.3
LOW PATCH Exploit Unlikely Monitor

Information disclosure in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) via an out-of-bounds read (CWE-125) lets an attacker leak sensitive memory contents when a victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.1 (AV:L/AC:L/PR:N/UI:R), reflecting local exploitation that requires user interaction but no prior authentication. Microsoft is the reporting source and has published a fix; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Hyper-V (Windows 11 24H2/25H2/26H1 and Windows Server 2022/2025) stems from a use-after-free memory-corruption condition that lets an attacker with a local foothold execute code at elevated, potentially SYSTEM/hypervisor-level privilege. Microsoft rates it CVSS 8.4 with total confidentiality, integrity, and availability impact, and there is no public exploit identified at time of analysis. EPSS is low (0.24%, 16th percentile) and CISA SSVC lists exploitation status as none, so this is a high-severity patch-on-cycle item rather than an actively exploited emergency.

Use After Free Memory Corruption Denial Of Service +7
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Microsoft Windows Secure Socket Tunneling Protocol (SSTP) allows an unauthorized network attacker to run arbitrary code by triggering a use-after-free (CWE-416) memory-corruption condition. The flaw affects a broad range of Windows client and server releases from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025, and per its CVSS 9.8 vector requires no authentication or user interaction. There is no public exploit identified at time of analysis, and the EPSS probability is modest (0.61%), so despite the critical score exploitation is not yet observed.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Privilege elevation in Microsoft Windows Admin Center allows an already-authenticated (low-privileged) network attacker to bypass improper authentication controls and gain higher privileges, exposing high-value confidentiality and integrity impact. Rated CVSS 8.1 with low attack complexity and no user interaction, the flaw is remotely reachable but requires an existing authorized session. No public exploit identified at time of analysis; Microsoft has released a fix via the MSRC update guide.

Authentication Bypass Microsoft Windows Admin Center
NVD VulDB
EPSS 7% 7.9 CVSS 9.8
CRITICAL POC KEV PATCH THREAT Exploited Act Now

Privilege elevation in Microsoft SharePoint Server (Enterprise Server 2016, Server 2019, and Subscription Edition) lets an unauthenticated network attacker reach a security-critical function that lacks any authentication check (CWE-306), gaining elevated privileges on the target farm. The flaw is confirmed actively exploited (CISA KEV) with publicly available exploit code, and its CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N) reflects fully remote, unauthenticated exploitation with high confidentiality, integrity, and availability impact. Microsoft has released a patch via MSRC.

Authentication Bypass Microsoft Microsoft Sharepoint Enterprise Server 2016 +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft Excel (2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) arises from a use-after-free memory corruption (CWE-416) that an attacker triggers when a victim opens a maliciously crafted spreadsheet. Exploitation runs code in the context of the current user and requires user interaction (opening the file), with no public exploit identified at time of analysis. This is a locally-exploited, phishing-delivered class of bug typical of Office file-format handlers, patched by Microsoft via MSRC.

Use After Free Memory Corruption Denial Of Service +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (and the broader Office family through Microsoft 365 Apps, Office 2019/2021/2024 LTSC, Office for Mac, and Office Online Server) arises from a stack-based buffer overflow (CWE-121) triggered when a user opens a maliciously crafted spreadsheet. An attacker who convinces a victim to open the file runs arbitrary code in the security context of the current user, with high impact to confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV; Microsoft has released a patch.

Buffer Overflow Stack Overflow Microsoft +9
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +9
NVD
EPSS 0% CVSS 3.3
LOW PATCH Exploit Unlikely Monitor

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Heap Overflow Buffer Overflow Microsoft +9
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (including Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted spreadsheet, letting an attacker run arbitrary code in the user's context. The CVSS 3.1 score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), reflecting that exploitation needs user interaction but no prior privileges once the file is opened. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch.

Heap Overflow Buffer Overflow Microsoft +9
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

External control of file name or path in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Microsoft Information Disclosure Microsoft Sharepoint Enterprise Server 2016 +2
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Local tampering in Windows CryptoAPI (Crypt32) on Windows 11 (24H2/25H2/26H1) and Windows Server 2022/2025 stems from a missing cryptographic step, letting an authenticated local attacker undermine the integrity and confidentiality of cryptographically protected data. Microsoft rates it 7.1 (High) with high confidentiality and integrity impact; there is no public exploit identified at time of analysis and it is not on the CISA KEV list. A vendor patch is available through the MSRC update guide.

Microsoft Information Disclosure Windows 11 Version 24H2 +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Defender (Microsoft Malware Protection Engine) allows an unauthorized attacker to run arbitrary code by having a maliciously crafted file processed by the scanning engine. The flaw stems from an integer overflow (CWE-190) that corrupts memory during scanning, yielding full confidentiality, integrity, and availability impact. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis.

Buffer Overflow Microsoft Integer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Defender's Malware Protection Engine (mpengine) arises from an integer underflow (CWE-191) that a local attacker can trigger with no prior authentication but requiring user interaction, yielding high confidentiality, integrity, and availability impact. Because Defender's scanning engine runs with SYSTEM-level privileges, successful exploitation would grant full compromise of the host. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; Microsoft has released a fix.

Authentication Bypass Microsoft Integer Overflow +1
NVD
EPSS 0% CVSS 8.2
HIGH PATCH Exploit Unlikely This Week

Privilege elevation in Microsoft Azure Spring Apps allows an already-authenticated, low-privileged network attacker to gain higher privileges by abusing an improper authentication weakness (CWE-287) in the managed platform. Because the CVSS scope is marked as changed (S:C), a successful attack can reach resources beyond the attacker's originally authorized boundary, yielding high confidentiality and integrity impact. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; Microsoft has published an advisory and a patch is available server-side.

Java Authentication Bypass Microsoft +1
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) allows an already-authenticated attacker with low privileges to elevate to higher privileges by abusing unsafe deserialization of untrusted data. Microsoft reported the flaw and has released a patch; no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 3.1 base score is 7.8 (High), reflecting full confidentiality, integrity, and availability impact on the affected host.

Microsoft Deserialization Microsoft Exchange Server 2016 Cumulative Update 23 +3
NVD
EPSS 1% CVSS 9.6
CRITICAL PATCH Exploit Likely Act Now

Stored/reflected cross-site scripting in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) lets a network-based, unauthenticated attacker inject malicious script that executes in a victim's browser session, enabling spoofing and - per the scope-changed CVSS 9.6 vector - high impact to confidentiality, integrity, and availability of resources beyond the vulnerable component. Exploitation requires the target to view attacker-controlled content (UI:R). Microsoft has released a patch; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft XSS Microsoft Exchange Server 2016 Cumulative Update 23 +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) allows an authenticated attacker with low-level privileges on the server to elevate to higher privileges due to insufficiently granular access controls (CWE-1220). The CVSS 3.1 score of 7.8 (AV:L/AC:L/PR:L) reflects local exploitation yielding full confidentiality, integrity, and availability impact. A vendor patch is available; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Microsoft Information Disclosure Microsoft Exchange Server 2016 Cumulative Update 23 +3
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) lets an authenticated attacker corrupt heap memory to run arbitrary code across the network. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N) shows low-privilege network exploitation with full confidentiality, integrity, and availability impact, and Microsoft has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +4
NVD
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows GDI+ (the graphics rendering component) via a heap-based buffer overflow (CWE-122), affecting a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Server 2012 through Server 2025. Per the supplied CVSS vector (PR:N), an unauthorized attacker who gets the vulnerable component to process crafted graphics data can achieve high-impact code execution (C:H/I:H/A:H) on the local system. Microsoft has published a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows TCP/IP networking stack allows an unauthenticated attacker on the same physical or logical network segment to win a race condition and run arbitrary code on the target. The flaw spans a broad range of desktop and server builds from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. There is no public exploit identified at time of analysis, but Microsoft has confirmed the issue and shipped a patch, and the high CVSS (8.8) plus network-facing kernel component make it a priority to remediate.

Authentication Bypass Microsoft Race Condition +18
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Information disclosure via uninitialized memory in the Windows SMB driver stack affects a broad range of Windows 10, Windows 11, and Windows Server versions. A locally authenticated, low-privileged attacker can trigger a code path that reads from uninitialized memory within the SMB subsystem, potentially leaking sensitive kernel or heap memory contents. No public exploit code or active exploitation has been identified at the time of analysis; Microsoft has released a patch via MSRC.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in Windows Active Directory (spanning Windows 10, Windows 11, and Windows Server 2012 through 2025) lets a remote, unauthenticated attacker send crafted network traffic that drives an AD service into an infinite loop, exhausting CPU and rendering domain services unavailable. Because the CVSS vector is AV:N/AC:L/PR:N/UI:N with high availability impact and no confidentiality or integrity loss, this is a pure availability threat against domain controllers. Microsoft has released a patch; there is no public exploit identified at time of analysis and no CISA KEV listing.

Microsoft Denial Of Service Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows USB Print Driver affecting Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 lets an already-authenticated, low-privileged user win a race condition (CWE-362) in the driver to gain higher privileges. Microsoft has released a patch and reported the flaw itself; there is no public exploit identified at time of analysis. The high attack complexity (AC:H) reflects the timing-dependent nature of exploiting the shared-resource synchronization defect.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 2% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Win32K (the kernel-mode GUI subsystem) allows an authenticated local user to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of supported builds spanning Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025, including Server Core installations. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation to code execution in the Windows Resilient File System (ReFS) driver affects a broad range of Windows 10/11 and Windows Server 2016 through 2025 releases, where an integer overflow (CWE-190) in filesystem processing lets an already-authenticated local user run arbitrary code in an elevated context. The CVSS 3.1 vector (AV:L/PR:L) confirms low-privileged local access is required rather than remote exploitation, and there is no public exploit identified at time of analysis. Microsoft has released a patch via MSRC.

Buffer Overflow Microsoft Integer Overflow +14
NVD
EPSS 0% CVSS 8.4
HIGH POC PATCH Exploit Likely This Week

Local code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and server releases from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. A heap-based buffer overflow (CWE-122) lets an attacker who can reach the local MSMQ service run arbitrary code with high confidentiality, integrity, and availability impact; the CVSS 3.1 base score is 8.4 with a local attack vector but no privileges or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the vendor (Microsoft) has released a patch.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Printer Drivers component across Windows 10, Windows 11 (through 26H1), and Windows Server 2012 through 2025 lets an already-authenticated attacker corrupt kernel-adjacent memory to gain higher privileges. The flaw is a double free (CWE-415) triggered locally by a low-privileged user, yielding high confidentiality, integrity, and availability impact (CVSS 7.8). No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an already-authenticated attacker to win a race condition (CWE-362) and elevate to SYSTEM-level privileges across supported Windows 10, Windows 11, and Windows Server 2019-2025 builds. Reported by Microsoft with a vendor patch available; there is no public exploit identified at time of analysis and EPSS is low (0.16%, 5th percentile). CVSS 7.0 reflects high attack complexity (AC:H) driven by the timing-window nature of the flaw and the requirement for existing low-privilege access (PR:L).

Microsoft Race Condition Information Disclosure +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Active Directory certificate-validation path lets an already-authenticated attacker on Windows 10 (1607/1809) and Windows Server 2016 through 2025 (including Server Core) improperly validate a certificate to gain higher privileges. Microsoft reported and patched the flaw (CWE-295), but there is no public exploit identified at time of analysis and it is not on CISA KEV. The CVSS 7.8 vector (AV:L/PR:L) confirms an authenticated local attacker with full confidentiality, integrity, and availability impact upon success.

Microsoft Information Disclosure Windows 10 Version 1607 +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Media Foundation lets an unauthorized attacker run arbitrary code by luring a user into opening a specially crafted media file. The flaw affects a broad range of Windows 10, Windows 11, and Windows Server builds (from 1809 through Windows 11 26H1 and Server 2025), and Microsoft has released patches. No public exploit identified at time of analysis, but the low attack complexity and full C/I/A impact make it a standard Patch-Tuesday priority.

Heap Overflow Buffer Overflow Microsoft +11
NVD VulDB
EPSS 2% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Win32K (the kernel-mode GUI subsystem) lets an already-authenticated low-privilege user corrupt kernel heap memory via a heap-based buffer overflow (CWE-122) to gain SYSTEM-level control. The flaw affects a broad range of client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an authenticated low-privileged user to win a race condition and elevate to SYSTEM across Windows 10, Windows 11 (through 26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a patch available, it carries CVSS 7.0 but a high attack complexity (AC:H) reflecting the timing-sensitive nature of the flaw. There is no public exploit identified at time of analysis, and EPSS is low (0.19%, 9th percentile), consistent with CISA SSVC rating exploitation as 'none.'

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH Exploit Unlikely This Month

Heap-based buffer overflow in Windows Kernel allows an unauthorized attacker to elevate privileges with a physical attack.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows USB Print Driver lets an already-authenticated low-privileged user win a race condition to gain SYSTEM-level control on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. The flaw stems from unsynchronized access to a shared resource, and successful exploitation yields full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows USB Print Driver on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 lets an already-authenticated low-privileged user win a timing race in the driver to gain elevated privileges. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV. The high attack complexity (must reliably win a race window) tempers real-world exploitability despite full confidentiality, integrity, and availability impact.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH Exploit Unlikely This Month

Privilege escalation via use-after-free in the Windows USB Print Driver affects Windows 11 (versions 24H2, 25H2, 26H1) and Windows Server 2025, requiring physical access to exploit. An attacker with hands-on access to a target machine can trigger a memory corruption condition through the USB print subsystem to achieve full local privilege escalation - High confidentiality, integrity, and availability impact per CVSS. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Common Log File System (CLFS) Driver allows an already-authenticated, low-privileged user to elevate to SYSTEM on a wide range of Windows client and server releases. Microsoft classifies the root cause as exposure of sensitive information (CWE-200), but the CVSS impact profile (C:H/I:H/A:H) reflects that the leaked kernel data enables full local privilege escalation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though CLFS has historically been a heavily exploited elevation-of-privilege target in Windows.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Network denial of service in the Windows Internet Key Exchange (IKE) protocol implementation allows an unauthenticated remote attacker to crash affected systems by triggering a heap-based buffer overflow. All impact is to availability only (CVSS 7.5, A:H, no confidentiality or integrity loss), making this a reliability/uptime threat against IPsec/VPN-facing Windows 10, Windows 11, and Windows Server hosts rather than a code-execution vulnerability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and lack of authentication make it a meaningful patching priority for internet-exposed IPsec endpoints.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Overlay Filter (WOF) driver allows an authenticated low-privileged user to elevate to SYSTEM by triggering a heap-based buffer overflow (CWE-122). The flaw spans a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 R2 through Server 2025. Microsoft has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +16
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Quality Windows Audio/Video Experience (QWAVE) service lets an already-authenticated, low-privileged user elevate to higher privileges by exploiting a use-after-free (CWE-416) memory-corruption condition. The flaw spans a broad range of builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.0 (AV:L/AC:H/PR:L).

Use After Free Memory Corruption Denial Of Service +19
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Hyper-V (CWE-416 use-after-free) allows an authenticated attacker already running low-privileged code on an affected host to elevate to higher privileges, with full confidentiality, integrity, and availability impact. Reported by Microsoft and affecting a broad range of Windows 10, Windows 11, and Windows Server builds including Server 2019/2022/2025. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows App Store component (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025) allows an authorized low-privileged attacker to win a race condition on an improperly synchronized shared resource and gain higher privileges. Exploitation is local-only and high-complexity because it depends on reliably hitting a narrow timing window, and no public exploit has been identified at time of analysis. A vendor patch is available via Microsoft's MSRC update guide.

Microsoft Race Condition Information Disclosure +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows TCP/IP allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Missing authentication for critical function in Microsoft Windows DNS allows an authorized attacker to perform tampering locally.

Authentication Bypass Microsoft Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel (Windows 11 version 26H1) lets an already-authenticated low-privileged user corrupt kernel memory through a use-after-free condition and gain SYSTEM-level control. Microsoft self-reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 (High) score reflects full confidentiality, integrity, and availability compromise achievable entirely from a local, low-privilege foothold with no user interaction.

Use After Free Memory Corruption Denial Of Service +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft Windows FTP Service allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122). The flaw affects the FTP service across a broad range of Windows 10, Windows 11, and Windows Server (2019/2022/2025) builds and carries a critical CVSS 9.8 rating with no authentication or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated, network-reachable nature of the bug makes it a high-priority patch target.

Heap Overflow Buffer Overflow Microsoft +13
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows DNS lets an already-authenticated, low-privileged attacker corrupt heap memory to gain higher (likely SYSTEM) privileges on affected Windows 10, Windows 11, and Windows Server 2022/2025 systems. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft itself, with a vendor patch available via MSRC. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so it currently represents a patch-priority rather than an emergency.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows WalletService allows an authenticated low-privileged attacker to gain SYSTEM-level rights on the host, per CVSS:3.1 AV:L/AC:L/PR:L (7.8, High). The flaw stems from improper privilege management (CWE-269) in the WalletService component and affects a broad range of Windows client and server builds. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor patch from Microsoft is available.

Microsoft Privilege Escalation Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Speech component affects a broad range of Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). A use-after-free flaw (CWE-416) lets an authenticated local attacker corrupt memory to gain SYSTEM-level privileges; CVSS is 7.8 with total technical impact per CISA SSVC. There is no public exploit identified at time of analysis, and EPSS is low at 0.26%, but a vendor patch is available via Microsoft's MSRC update guide.

Use After Free Memory Corruption Denial Of Service +15
NVD
EPSS 3% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows StateRepository API lets an already-authenticated low-privileged user gain higher (typically SYSTEM-level) privileges due to insufficiently granular access control (CWE-1220). It affects a broad range of currently supported Windows client and server builds (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019/2022/2025). The flaw was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis (not listed in CISA KEV).

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to elevate privileges with a physical attack.

Buffer Overflow Microsoft Integer Overflow +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Printer Drivers on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to gain SYSTEM-level privileges by triggering a use-after-free memory-corruption condition. The flaw grants full confidentiality, integrity, and availability impact (C:H/I:H/A:H) once low-level local access is obtained. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Local information disclosure in the Microsoft Windows App Store (Store/AppX component) affects a broad range of Windows 10, Windows 11, and Windows Server releases (1607 through 26H1, Server 2016/2019/2022/2025). An authorized local attacker can leverage a use of uninitialized resource (CWE-908) to read memory contents that should not be exposed, with CVSS 7.1 reflecting high confidentiality impact but requiring low-privileged authenticated local access. There is no public exploit identified at time of analysis, it is not listed in CISA KEV, and Microsoft has released a patch via the MSRC update guide.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Brokering File System (bfs.sys/Bfs component) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where a use-after-free (CWE-416) lets an already-authenticated local attacker corrupt kernel/broker memory to gain SYSTEM-level privileges. Exploitation requires low privileges but high attack complexity, and there is no public exploit identified at time of analysis. Microsoft has released a patch via its MSRC update guide.

Use After Free Memory Corruption Denial Of Service +6
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows App Installer (the AppX/MSIX deployment component) lets a low-privileged but authenticated user corrupt memory via a use-after-free (CWE-416) and gain higher privileges on the host. The flaw affects Windows 11 (23H2, 24H2, 25H2, 26H1) and Windows Server 2025, was reported by Microsoft, and has a vendor patch available. There is no public exploit identified at time of analysis and it is not on CISA KEV, though the CVSS 7.0 rating and full C/I/A impact make it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service +7
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows App Installer (App Installer / MSIX handler) on Windows 11 (23H2 through 26H1) and Windows Server 2025 lets an already-authenticated local attacker win a timing race to elevate to higher privileges. The flaw stems from improper synchronization of a shared resource during concurrent execution, and Microsoft has released a patch. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure +6
NVD
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows Bluetooth Port Driver (bthport) allows an adjacent, unauthenticated attacker to run arbitrary code by triggering a heap-based buffer overflow over Bluetooth radio range. The flaw spans a wide range of Windows client and server builds, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. There is no public exploit identified at time of analysis, EPSS is modest at 0.38% (30th percentile), and CISA SSVC currently marks exploitation as 'none', but the CVSS 8.8 rating and 'total' technical impact make this a high-priority patch.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Privilege elevation in the Windows App Store component affects a broad range of Microsoft Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025), where a race condition (CWE-362) lets an unauthorized attacker win a timing window to gain elevated privileges over a network. The CVSS 3.1 score is 8.1 with a network vector and no authentication (PR:N), but high attack complexity (AC:H) reflects the difficulty of reliably winning the race. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; a vendor patch is available from Microsoft.

Authentication Bypass Microsoft Race Condition +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +18
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Media allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1809 +10
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Secure Kernel Mode (SKM/VTL1) allows an already-authenticated attacker to elevate to higher privileges on affected Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025 systems. The flaw stems from improper consistency validation of input crossing the trust boundary into the isolated secure kernel (CWE-1288), yielding full confidentiality, integrity, and availability impact on the local host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +14
NVD VulDB
EPSS 1% CVSS 9.6
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft 365 Copilot mobile apps for Android and iOS lets an unauthenticated attacker run code across a security boundary by getting a user to interact with crafted content (CWE-77 command injection). The CVSS 9.6 rating reflects network reach, low complexity, no privileges, and a changed scope with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, but a vendor patch is available and the flaw was self-reported by Microsoft.

Microsoft Command Injection Microsoft 365 Copilot For Android +1
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Local privilege escalation in the Citrix Secure Access Client and Citrix Endpoint Analysis (EPA) Client for Windows allows a low-privileged local user to gain higher (likely SYSTEM-level) privileges through improper privilege management (CWE-269). It affects Secure Access Client for Windows before 26.6.1.20 and Endpoint Analysis Client for Windows before 26.5.1.7, both of which run privileged Windows service/agent components on the endpoint. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but Citrix rates the flaw high severity (CVSS 4.0 base 8.5) given full confidentiality, integrity, and availability impact once exploited.

Citrix Microsoft Privilege Escalation
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Out-of-bounds read in Citrix Secure Access Client for Windows (all versions before 26.6.1.20) enables a local low-privileged attacker to read memory beyond an allocated buffer boundary, resulting in high confidentiality impact with no integrity or availability consequence. The CVSS 4.0 score of 6.8 reflects the local attack vector and low-privilege requirement, meaning an attacker must already hold a foothold on the endpoint. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis.

Citrix Buffer Overflow Microsoft +2
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Bitdefender Total Security and Internet Security for Windows (versions before 27.0.58.315) lets a less-privileged local user gain higher rights by abusing a symbolic-link race condition in the File Shredder module. Because the shredder operates with elevated privileges and does not safely resolve links before acting on files, an attacker who wins a time-of-check/time-of-use race can redirect a privileged file operation to a target of their choosing. No public exploit identified at time of analysis; the issue was reported by the vendor and requires local access plus user interaction, so EPSS-style mass-exploitation risk is limited.

Microsoft Information Disclosure Total Security +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Arbitrary code execution in SAProuter on Microsoft Windows lets a local attacker plant a malicious DLL in an untrusted search-path location that SAProuter loads at runtime, hijacking the DLL loading process to run attacker code with the privileges of the SAProuter service. The flaw was reported by SAP and carries a CVSS 8.4 with full High impact on confidentiality, integrity, and availability; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Because SAProuter typically runs as a persistent network gateway service, successful exploitation can compromise a strategically positioned host in an SAP landscape.

RCE Microsoft Saprouter On Microsoft Windows
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A Denial of Service (DoS) vulnerability exists in the receive loop of libmodbus 3.1.12 when running on Windows. The issue stems from improper timeout management during network read operations.

Microsoft Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 8.3
HIGH PATCH Exploit Likely This Week

Privilege elevation in Microsoft Edge (Chromium-based) lets a network attacker escalate privileges by luring a victim into loading crafted web content that triggers an untrusted pointer dereference (CWE-822). Microsoft rates it CVSS 8.3, driven by a scope change (sandbox/boundary crossing) and full confidentiality, integrity, and availability impact, but exploitation requires user interaction and is of high attack complexity. No public exploit identified at time of analysis (E:U), it is not on CISA KEV, and an official vendor fix is available.

Authentication Bypass Microsoft Google +1
NVD VulDB
EPSS 1% CVSS 8.3
HIGH PATCH This Week

Remote code execution in Microsoft Edge (Chromium-based) lets an unauthenticated network attacker run arbitrary code by luring a victim into interacting with crafted content that triggers unsafe deserialization (CWE-502). The flaw carries CVSS 8.3 with a scope change, meaning successful exploitation can break out of the browser's security boundary, though there is no public exploit identified at time of analysis and Microsoft has already shipped a fix.

Deserialization Microsoft Google +1
NVD VulDB
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Stored XSS execution in Parse Server (versions 9.0.0 through pre-9.10.0-alpha.2 and all 8.x releases through 8.6.83) allows authenticated users with file-upload permissions to inject persistent JavaScript that executes in the application's origin against other users, but only when a cloud-based storage adapter is configured. By crafting a deliberately malformed Content-Type header - such as 'image' or 'image/' - an attacker exploits a gap in the mime-package lookup path that renders the fileUpload.fileExtensions blocklist ineffective, causing the malformed value to be stored verbatim in Amazon S3, Google Cloud Storage, or Azure Blob Storage. Browsers receiving a syntactically invalid Content-Type fall back to MIME sniffing and render HTML file bodies as web pages in the application's origin; no public exploit has been identified and the vulnerability is absent from CISA KEV, but the stored nature means a single successful upload persists as a live threat until patched or the file is removed.

XSS Google Microsoft +2
NVD GitHub VulDB
CVSS 10.0
CRITICAL PATCH Act Now

Unauthenticated remote code execution in the PrestaShop ps_facetedsearch (layered navigation) module versions 3.0.0 through 4.0.3 allows a single crafted front-office request to fully compromise the shop and its underlying server. The module rebuilds price/weight slider filter values from the request URL and later reads them back through a native unserialize(), enabling PHP object injection whose gadget chain writes a PHP webshell into the module directory. No public exploit is identified at time of analysis, but the flaw is trivially reachable and rated CVSS 10.0.

Deserialization Microsoft PHP
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Authenticated RabbitMQ users can bypass authorization controls on passive AMQP 0-9-1 declare operations, exposing internal broker topology metadata across all affected release branches (3.13.x, 4.0.x, 4.1.x, 4.2.x). The missing authorization check on passive queue.declare and exchange.declare allows any user with vhost connectivity to enumerate queue and exchange names and read live message and consumer counts without requiring elevated permissions. No public exploit code has been identified and the vulnerability is not in CISA KEV; however, the low exploitation complexity, authentication-only prerequisite, and broad affected version range meaningfully elevate real-world exposure risk in multi-tenant or shared-credential deployments.

Authentication Bypass Microsoft Rabbitmq Server
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Stored cross-site scripting in the RabbitMQ management UI (versions prior to 4.2.5) lets a user holding queue/exchange declaration permissions inject JavaScript that executes in another user's browser when they view the Queues or Exchanges pages. The malicious payload is supplied via the x-internal-purpose queue or exchange argument, which is rendered into an HTML title attribute without escaping. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it is fixed in RabbitMQ 4.2.5.

XSS Microsoft Rabbitmq Server
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Server-side request forgery and NTLM credential exposure in the RabbitMQ management plugin (versions 4.1.0 to before 4.1.11 and 4.2.0 to before 4.2.6) on Windows lets remote actors coerce the broker into outbound DNS and SMB connections to attacker-controlled UNC paths. The static file handler rabbit_mgmt_wm_static passes URL-encoded backslashes to erl_prim_loader:read_file_info before path validation, but only when multiple management extension plugins are enabled. No public exploit has been identified at time of analysis, and the EPSS score is low (0.28%, 20th percentile) despite the CVSS 10.0 rating.

Microsoft Information Disclosure Rabbitmq Server
NVD GitHub VulDB
Prev Page 6 of 193 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy